Bug 1314438 (CVE-2016-3177)
Summary: | CVE-2016-3177 giflib: Use-after-free in gifcolor utility | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED UPSTREAM | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | unspecified | CC: | abaron, aortega, apevec, ayoung, chrisw, cvsbot-xmlrpc, dallan, gkotton, jschluet, kbasil, lhh, lpeer, markmc, rbryant, sclewis, security-response-team, slawomir, srevivo, tdecacqu, tsuter, vgaikwad |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2016-08-31 01:26:57 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1318264, 1318265 | | |
Bug Blocks: | 1314440 | | |
Description
Adam Mariš
2016-03-03 15:37:11 UTC
Acknowledgments: Name: Josselin Feist

Upstream bug: https://sourceforge.net/p/giflib/bugs/83/

Created giflib tracking bugs for this issue: Affects: fedora-all [bug 1318264]

Created mingw-giflib tracking bugs for this issue: Affects: fedora-all [bug 1318265]

CVE request: http://seclists.org/oss-sec/2016/q1/657

CVE assignment: http://seclists.org/oss-sec/2016/q1/663

I believe that was introduced via https://sourceforge.net/p/giflib/code/ci/116179a7d4681dda9afcdd43b5fbfb391b44918b/ RHEL code base does not include this patch and should not be vulnerable.

Statement: This issue did not affect the versions of giflib as shipped with Red Hat Enterprise Linux 5, 6, and 7.